diff --git a/.gitignore b/.gitignore
index d2ef326..e1e2930 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@
 *.backup
 secrets
 k8s/
+k8s2/
diff --git a/.terraform-version b/.terraform-version
index 1ee43fc..e6adeaa 100644
--- a/.terraform-version
+++ b/.terraform-version
@@ -1 +1 @@
-0.11.8
+0.11.12-beta1
diff --git a/cloudflare/main.tf b/cloudflare/main.tf
index 40e71f6..9fb6ab6 100644
--- a/cloudflare/main.tf
+++ b/cloudflare/main.tf
@@ -64,6 +64,32 @@ resource "cloudflare_record" "vpn_wildcard" {
 ttl = 3600
 }
+/**
+ * vpn.bb8.fun
+ * *.vpn.bb8.fun
+ */
+resource "cloudflare_record" "dovpn" {
+ domain = "${var.domain}"
+ name = "dovpn"
+ value = "${var.ips["dovpn"]}"
+ type = "A"
+}
+
+resource "cloudflare_record" "dovpn_wildcard" {
+ domain = "${var.domain}"
+ name = "*.dovpn.${var.domain}"
+ value = "${cloudflare_record.dovpn.hostname}"
+ type = "CNAME"
+ ttl = 3600
+}
+
+resource "cloudflare_record" "etcd" {
+ domain = "${var.domain}"
+ name = "etcd"
+ value = "${var.ips["dovpn"]}"
+ type = "A"
+}
+
 ########################
 ## Mailgun Mailing Lists
 ########################
@@ -98,10 +124,10 @@ resource "cloudflare_record" "mailgun-mxb" {
 priority = 20
 }
-resource "cloudflare_record" "k8s-talk" {
+resource "cloudflare_record" "k8s" {
 domain = "${var.domain}"
 name = "k8s"
- value = "lightsaber.captnemo.in"
- type = "CNAME"
+ value = "10.8.0.1"
+ type = "A"
 ttl = 3600
 }
diff --git a/kayak.tf b/kayak.tf
new file mode 100644
index 0000000..a15ea2d
--- /dev/null
+++ b/kayak.tf
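Review bot: In the first cloudflare/main.tf hunk, the new `dovpn` and `etcd` A records publish `var.ips["dovpn"]` in the public zone, and variables.tf in this commit sets that key to the private address 10.8.0.1, so the zone now discloses the VPN addressing and the existence of an etcd endpoint. If these names are only needed from inside the VPN, an internal resolver is the better home for them; otherwise add a comment recording that the exposure is intended. The block comment above the records was copied from the vpn block and still reads `vpn.bb8.fun` / `*.vpn.bb8.fun`; it should name the `dovpn`, `*.dovpn` and `etcd` records instead. The two A records also omit the `ttl = 3600` that the neighbouring records set.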
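Review bot: In the second cloudflare/main.tf hunk, the `k8s` record hard-codes `value = "10.8.0.1"`, the same address this commit adds to variables.tf as the `dovpn` entry of `ips`, so the two can drift apart when the VPN address changes. Prefer `value = "${var.ips["dovpn"]}"`, as the `dovpn` and `etcd` records in this file already do. providers.tf points the kubernetes provider at `https://k8s.bb8.fun:6443`, so this record decides which host is offered the kubeconfig credentials; a one-line comment that the API server is meant to be reachable only over the VPN would make that dependency explicit.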
@@ -0,0 +1,47 @@
+// Points to the local working directory instead of
+// the published version
+module "kayak" {
+ source = "../terraform-digitalocean-kayak"
+ cert_path = "${path.root}/secrets/kayak"
+ domain = "kayak.${var.root-domain}"
+ ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0Getey8585AqdgIl9mqQ3SH9w6z7NZUW4HXdOqZwC7sYEaDrLOBV014gtFS8h8ymm4dcw6xEGUkaavcHC8W9ChTLKBMK4N1/sUS/umLy+Wi/K//g13y0VHSdvcc+gMQ27b9n/DwDY4ZKkaf6t+4HWyFWNh6gp0cT1WCyLNlsER55KUdy+C1lCOpv1SMepOaYc7uyBlC9FfgewJho/OfxnoTztQV6QeSGfr2Xr94Ip1FUPoLoBLLilh4ZbCe6F6bqn0kNgVBTkrVwWJv5Z0jCJpUjER69cqjASRao9KCHkyPtybzKKhCLZIlB3QMggEv0xnlHMpeeuDWcGrBVPKI8V"
+
+ asset_dir = "${path.root}/k8s"
+
+ providers {
+ docker = "docker.kayak"
+ }
+}
+
+provider "docker" {
+ host = "tcp://${cloudflare_record.kayak-docker.hostname}:2376"
+ version = "~> 2.0.0"
+ alias = "kayak"
+ ca_material = "${module.kayak.docker_ca_cert}"
+ cert_material = "${module.kayak.docker_client_cert}"
+ key_material = "${module.kayak.docker_client_key}"
+}
+
+resource "cloudflare_record" "kayak-docker" {
+ name = "docker.kayak"
+ value = "${module.kayak.droplet_ipv4}"
+ domain = "${var.root-domain}"
+ type = "A"
+ ttl = 120
+}
+
+resource "cloudflare_record" "kayak" {
+ name = "kayak"
+ value = "${module.kayak.droplet_ipv4}"
+ domain = "${var.root-domain}"
+ type = "A"
+ ttl = 120
+}
+
+resource "cloudflare_record" "kayak-etcd" {
+ name = "etcd.kayak"
+ value = "${module.kayak.droplet_ipv4_private}"
+ domain = "${var.root-domain}"
+ type = "A"
+ ttl = 120
+}
diff --git a/kube-test.tf b/kube-test.tf
new file mode 100644
index 0000000..fae4802
--- /dev/null
+++ b/kube-test.tf
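Review bot: In kayak.tf, the `docker.kayak` provider takes `key_material` from `module.kayak.docker_client_key`, so the private key for a remote Docker API (root-equivalent on that droplet) is a module output and ends up in Terraform state in clear text. Marking the output `sensitive = true` in the module (not visible here) only hides it from CLI output, so the state backend added in state.tf needs encryption and tight bucket access. The `kayak-docker` record publishes the daemon on the droplet's public IPv4; port 2376 should be limited by a firewall to the hosts that run Terraform rather than relying on client certificates alone. `kayak-etcd` places the droplet's private address in the public zone, which deserves a comment if it is intended.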
@@ -0,0 +1,22 @@
+// Bring up a simple test container
+// In the controller node
+
+resource "kubernetes_pod" "nginx" {
+ metadata {
+ name = "terraform-example"
+ namespace = "default"
+ }
+
+ spec {
+ toleration {
+ key = "node-role.kubernetes.io/master"
+ operator = "Exists"
+ effect = "NoSchedule"
+ }
+
+ container {
+ image = "nginx:latest"
+ name = "nginx"
+ }
+ }
+}
diff --git a/main.tf b/main.tf
index 1b3d938..1329e2f 100644
--- a/main.tf
+++ b/main.tf
@@ -67,12 +67,11 @@ module "resilio" {
 }
 module "media" {
- source = "media"
- domain = "bb8.fun"
- traefik-labels = "${var.traefik-common-labels}"
- airsonic-smtp-password = "${var.airsonic-smtp-password}"
- ips = "${var.ips}"
- traefik-network-id = "${module.docker.traefik-network-id}"
+ source = "media"
+ domain = "bb8.fun"
+ traefik-labels = "${var.traefik-common-labels}"
+ ips = "${var.ips}"
+ traefik-network-id = "${module.docker.traefik-network-id}"
 }
 module "monitoring" {
diff --git a/media/airsonic.tf b/media/airsonic.tf
index 74986bf..8de3640 100644
--- a/media/airsonic.tf
+++ b/media/airsonic.tf
@@ -4,7 +4,7 @@ module "airsonic" {
 name = "airsonic"
 resource {
- memory = "256"
+ memory = "1024"
 }
 web {
@@ -13,8 +13,6 @@ module "airsonic" {
 expose = true
 }
- user = "lounge:audio"
-
 env = [
 "PUID=1004",
 "PGID=1003",
@@ -22,6 +20,11 @@ module "airsonic" {
 "JAVA_OPTS=-Xmx512m -Dserver.use-forward-headers=true -Dserver.context-path=/",
 ]
+ devices = [{
+ host_path = "/dev/snd"
+ container_path = "/dev/snd"
+ }]
+
 # files = [
 # "/usr/lib/jvm/java-1.8-openjdk/jre/lib/airsonic.properties",
 # "/usr/lib/jvm/java-1.8-openjdk/jre/lib/sound.properties",
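Review bot: In kube-test.tf, `image = "nginx:latest"` is a mutable tag, so what runs on the node can change whenever the tag moves without any change showing in a plan. Pin a version or digest instead, e.g. `image = "nginx:<pinned-version>"` (placeholder). The toleration for `node-role.kubernetes.io/master` lets the pod schedule on the control-plane node, which the header comment says is intended, but the `container` block sets no resource limits; a comment marking this as a throwaway smoke test to be removed afterwards would help.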
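Review bot: In media/airsonic.tf, the hunk at `@@ -13,8 +13,6 @@` drops `user = "lounge:audio"` and the hunk at `@@ -22,6 +20,11 @@` passes `/dev/snd` through, so the container now starts as the image's default user (possibly root; the image is not visible here) while holding a host device. If the image drops privileges itself through `PUID`/`PGID`, say so in a comment next to `env`; otherwise keep a `user` setting whose group can open the sound devices. The `devices` entry sets no `permissions`, which the Docker provider defaults to `rwm`; `permissions = "rw"` should be enough for audio playback.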
@@ -50,15 +53,22 @@ module "airsonic" {
 host_path = "/mnt/xwing/config/airsonic/podcasts"
 container_path = "/podcasts"
 },
+ {
+ host_path = "/mnt/xwing/config/airsonic/jre"
+ container_path = "/usr/lib/jvm/java-1.8-openjdk/jre/lib/"
+ },
 ]
 }
-data "template_file" "airsonic-properties-file" {
- template = "${file("${path.module}/conf/airsonic.properties.tpl")}"
+# data "template_file" "airsonic-properties-file" {
+# template = "${file("${path.module}/conf/airsonic.properties.tpl")}"
- vars {
- smtp-password = "${var.airsonic-smtp-password}"
- # db-password = "${var.airsonic-db-password}"
- }
-}
+# vars {
+# smtp-password = "${var.airsonic-smtp-password}"
+
+
+# # db-password = "${var.airsonic-db-password}"
+# }
+# }
+
diff --git a/media/jackett.tf b/media/jackett.tf
index 07b5b4d..5ed6256 100644
--- a/media/jackett.tf
+++ b/media/jackett.tf
@@ -11,8 +11,6 @@ module "jackett" {
 host = "jackett.${var.domain}"
 }
- networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
-
 volumes = [{
 host_path = "/mnt/xwing/config/jackett"
 container_path = "/config"
diff --git a/media/radarr.tf b/media/radarr.tf
index 16c6d32..d7b7095 100644
--- a/media/radarr.tf
+++ b/media/radarr.tf
@@ -16,8 +16,6 @@ module "radarr" {
 memory_swap = 1024
 }
- networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
-
 volumes = [
 {
 host_path = "/mnt/xwing/config/radarr"
diff --git a/media/variables.tf b/media/variables.tf
index 0fdd605..1d66838 100644
--- a/media/variables.tf
+++ b/media/variables.tf
@@ -2,7 +2,7 @@ variable "domain" {
 type = "string"
 }
-variable "airsonic-smtp-password" {}
+# variable "airsonic-smtp-password" {}
 variable "traefik-labels" {
 type = "map"
diff --git a/modules/container/main.tf b/modules/container/main.tf
index 2c9d59c..248bb55 100644
--- a/modules/container/main.tf
+++ b/modules/container/main.tf
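Review bot: In the media/airsonic.tf hunk at `@@ -50,15 +53,22 @@`, the new volume maps the host directory `/mnt/xwing/config/airsonic/jre` over the container's whole `/usr/lib/jvm/java-1.8-openjdk/jre/lib/`, so the image's JRE libraries (a directory that normally also holds the JRE's security settings and trust store) are replaced by host-side copies that no longer change when the image is updated. The commented `files` list earlier in this file names only `airsonic.properties` and `sound.properties`; mounting just those two files, with `read_only = true`, would keep the rest of the JRE coming from the image. The `template_file` block is left behind as commented-out code with stray blank lines, and deleting it would be cleaner since git keeps the history. The SMTP password presumably now lives in the host-side properties file, outside Terraform, which is worth a comment.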
@@ -3,7 +3,7 @@ data "docker_registry_image" "image" {
 }
 resource "docker_image" "image" {
- name = "${data.docker_registry_image.image.name}"
+ name = "${var.image}"
 pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
 }
@@ -31,6 +31,7 @@ resource "docker_container" "container" {
 memory_swap = "${local.resource["memory_swap"]}"
 volumes = ["${var.volumes}"]
+ devices = ["${var.devices}"]
 # Look at this monstrosity
 # And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
diff --git a/modules/container/vars.tf b/modules/container/vars.tf
index 0540ab0..b77fda6 100644
--- a/modules/container/vars.tf
+++ b/modules/container/vars.tf
@@ -88,3 +88,9 @@ variable "volumes" {
 type = "list"
 default = []
 }
+
+variable "devices" {
+ description = "volumes"
+ type = "list"
+ default = []
+}
diff --git a/providers.tf b/providers.tf
index 95afb20..c9eedb8 100644
--- a/providers.tf
+++ b/providers.tf
@@ -4,11 +4,11 @@ provider "docker" {
 version = "~> 2.0.0"
 }
-provider "docker" {
- host = "tcp://dovpn.vpn.bb8.fun:2376"
- cert_path = "./secrets/sydney"
- alias = "sydney"
- version = "~> 2.0.0"
+provider "kubernetes" {
+ version = "1.3.0-custom"
+ host = "https://k8s.bb8.fun:6443"
+
+ config_path = "${path.root}/k8s/auth/kubeconfig"
 }
 provider "cloudflare" {
diff --git a/state.tf b/state.tf
new file mode 100644
index 0000000..91d84e1
--- /dev/null
+++ b/state.tf
@@ -0,0 +1,8 @@
+terraform {
+ backend "s3" {
+ bucket = "rmx-nemo"
+ key = "terraform/nebula.tfstate"
+ region = "ap-south-1"
+ profile = "nebula"
+ }
+}
diff --git a/variables.tf b/variables.tf
index 1f50bdc..7a4dce8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -27,6 +27,7 @@ variable "ips" {
 default = {
 eth0 = "192.168.1.111"
 tun0 = "10.8.0.14"
+ dovpn = "10.8.0.1"
 static = "139.59.48.222"
 }
 }
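Review bot: In modules/container/vars.tf, the new `variable "devices"` carries `description = "volumes"`, copied from the variable above it. This input hands host devices to any container built from the module (the `devices = ["${var.devices}"]` line added in modules/container/main.tf), so it should be described accurately, e.g. `description = "Host devices to expose to the container: list of maps with host_path, container_path and optional permissions"`.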
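Review bot: In providers.tf, `version = "1.3.0-custom"` on the new kubernetes provider refers to a locally built plugin, and nothing in the repository says where that binary comes from or how to verify it. Add a comment giving the source and a checksum of the build, for example `# built from <fork-url>@<commit>, sha256 <checksum>` with the real values filled in. `config_path` reads cluster credentials from `k8s/auth/kubeconfig`; the .gitignore context in this commit shows `k8s/` is ignored, which should stay that way. Removing the `sydney` alias will break any resource that still sets `provider = "docker.sydney"`; none is visible in this diff.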
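Review bot: The new S3 backend in state.tf does not set `encrypt = true`, and this state will hold secrets such as the Docker client key that kayak.tf reads from `module.kayak`. Add `encrypt = true` to the `backend "s3"` block and confirm that bucket `rmx-nemo` blocks public access and has versioning enabled. There is also no `dynamodb_table`, so concurrent runs are not locked; that may be acceptable for a single operator, but a comment should say so.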